G
Guest
Our Nessus scanner occasionally alerts on a WEB-MISC http directory traversal
where the source IP is one of our Terminal servers and the destination IP is
somewhere on web. There are no web services hosted on our terminal servers,
so I never seen this type of activity trying to come in from the internet.
I'm trying to figure out if this is something I should be worried about? Is
someone inside our network purposely attempting to do something they
shouldn't? Is it possible this server has been hijacked and someone is using
it to do their dirty work?
where the source IP is one of our Terminal servers and the destination IP is
somewhere on web. There are no web services hosted on our terminal servers,
so I never seen this type of activity trying to come in from the internet.
I'm trying to figure out if this is something I should be worried about? Is
someone inside our network purposely attempting to do something they
shouldn't? Is it possible this server has been hijacked and someone is using
it to do their dirty work?